A Developer is creating an AWS Lambda function that requires environment variables to store connection information and logging settings. The Developer is required to use an AWS KMS Customer Master Key (CMK) supplied by the Information Security department in order to adhere to company standards for securing Lambda environment variables. Which of the following are required for this configuration to work? (Choose two.)
A) The Developer must configure Lambda access to the VPC using the --vpc-config parameter. The Developer must configure Lambda access to the VPC using the --vpc-config parameter.
B) The Lambda function execution role must have the kms:Decrypt permission added in the AWS IAM policy. The Lambda function execution role must have the kms:Decrypt permission added in the AWS IAM policy.
C) The KMS key policy must allow permissions for the Developer to use the KMS key.
D) The AWS IAM policy assigned to the Developer must have the kms:GenerateDataKey permission added. The AWS IAM policy assigned to the Developer must have the kms:GenerateDataKey permission added.
E) The Lambda execution role must have the kms:Encrypt permission added in the AWS IAM policy. The Lambda execution role must have the kms:Encrypt
Correct Answer:
Verified
Q146: A Security Engineer is working with the
Q147: A company plans to migrate a sensitive
Q148: A Web Administrator for the website example.com
Q149: A Website currently runs on Amazon EC2,
Q150: While securing the connection between a company's
Q152: A Developer signed in to a new
Q153: A company has Windows Amazon EC2 instances
Q154: An organization wants to be alerted when
Q155: An Application Developer is using an AWS
Q156: A company's Developers plan to migrate their
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents